What has been fixed?

In the last Patch Tuesday of the year, Microsoft has released a major Windows patch which has fixed over 20 vulnerabilities in the operating system.

Among the changes, seven tackle Windows flaws, five address problems in Microsoft Office and one relates to Windows Media Player. Microsoft labeled three of the Windows bulletins as “critical,” meaning they could allow an attacker to gain unauthorized access and execute malicious code on an infected system.

Importantly, this patch ended the month long wait for a fix for the Duqu vulnerability (CVE-2011-3402).

What is Duqu?

Discovered in early September, Duqu is a computer worm that has drawn concerns among the security community, which found it was built to harvest data from industrial control systems such as power plants. Researchers believe the same authors that built the infamous Stuxnet worm also designed Duqu.

Although Microsoft promptly provided a workaround to resolve the Duqu vulnerability issue, it was a temporary measure and the latest change is designed to resolve the issue on a permanent basis.

Who is affected?

All versions of Windows from XP onwards will need to be patched for the flaw.  Most computers should update automatically but updates can also be downloaded manually from the Microsoft support site.

Full details of the patch can also be found on Microsoft’s Security Bulletin page.